Operation Duckhunt: Field Testing the FBI's Anti-Qakbot Payload
In a significant development, the FBI declared today that the Qakbot botnet has been dismantled through a collaborative international law enforcement effort. According to the announcement, the operation not only seized the botnet's infrastructure but also removed the malware from compromised devices. Or did it?
Summary
The FBI's payload only terminated the Qakbot payload in memory.
Some earlier versions of the bot didn't have CMD_0x04 implemented, so some of the infections would still be alive. To tackle this problem, the FBI could have used Cmd18_UpdateQakbotBinary to uninstall the binary from the infected machine.
As some of the infections would still be alive (for many reasons), I have released a remediation tool, Anti-Qakbot, to detect and kill the QakBot process on an infected system.
What did the FBI actually deliver?
After gaining access to top-tier...